Putting Privacy Notices to the Test

Lorrie Faith Cranor, Professor of Computer Science and of Engineering and Public Policy, Carnegie Mellon University

Abstract:

We all know that hardly anybody ever reads privacy notices or security warnings, and when people try to read them, they tend to be long and extremely difficult to understand. In this talk I will start by discussing why privacy notices are important, explain why they are largely failing to inform people, and discuss some of the approaches companies and researchers are taking in an attempt to make privacy notices more useful. Then I’ll present a theory about the cognitive processes that take place when someone encounters a privacy notice or security warning. Finally, I will share several examples in which my students conducted user studies to test the effectiveness of privacy notices or security warnings. I will show some examples of notices that don’t seem to be very effective, as well as some examples of how notices can be improved through an iterative design and testing process.

Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering master's program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc. She is a fellow of both ACM and IEEE. She practices yoga, plays soccer, and runs after her three children.
